Quantcast
Connect with us

US agency that certifies the security of voting machines was itself hacked: report

Published

on

The U.S. agency charged with ensuring that voting machines meet security standards was itself penetrated by a hacker after the November elections, according to a security firm working with law enforcement on the matter.

The security firm, Recorded Future, was monitoring underground electronic markets where hackers buy and sell wares and discovered someone offering log-on credentials for access to computers at the U.S. Election Assistance Commission, company executives said.

ADVERTISEMENT

Posing as a potential buyer, the researchers engaged in a conversation with the hacker, said Levi Gundert, vice president of intelligence at the company, and Andrei Barysevich, director of advanced collection.

Eventually they discovered that the Russian-speaking hacker had obtained the credentials of more than 100 people at the election commission after exploiting a common database vulnerability, the researchers said.

The hacker was trying to sell information about the vulnerability to a Middle Eastern government for several thousand dollars, but the researchers alerted law enforcement and said Thursday that the hole had been patched.

The Election Assistance Commission said in a statement late Thursday that it had become aware of a “potential intrusion” and was “working with federal law enforcement agencies to investigate the potential breach and its effects.”

“The FBI is currently conducting an ongoing criminal investigation,” the statement added.

ADVERTISEMENT

The election commission certifies voting systems and develops standards for technical guidelines and best practices for election officials across the country.

The researchers said the hacker had an unusual business model, scanning for ways to break into all manner of businesses and other entities and then moving rapidly to sell that access, rather than stealing the data himself.

“We don’t think he actually works for any government or is super sophisticated,” Barysevich said.

ADVERTISEMENT

In the case of the election commission, the hacker used methods including an SQL injection, a well known and preventable flaw, obtaining a list of user names and obfuscated passwords, which he was then able to crack.

Though much of the commission’s work is public, the hacker gained access to non-public reports on flaws in voting machines.

ADVERTISEMENT

In theory, someone could have used knowledge of such flaws to attack specific machines, said Matt Blaze, an electronic voting expert and professor at the University of Pennsylvania.

The researchers were confident that the hacker moved to sell his access soon after getting it, meaning that he was not inside the system before election day.

The U.S. voting process is decentralized and there were no reports of widespread fraud in November.

ADVERTISEMENT

The Election Assistance Commission was created by the Help America Vote Act of 2002 and is led by presidential appointees.

(Editing by Jonathan Weber and Leslie Adler)


Report typos and corrections to: [email protected].
READ COMMENTS - JOIN THE DISCUSSION
Continue Reading

Breaking Banner

Trump declares impeachment ‘dead’ — and demands apology — in late night Twitter outburst

Published

on

President Donald Trump lashed out on his favorite social media platform late Thursday evening.

Eight minutes before midnight eastern time, Trump unloaded.

Trump wrote, "Democrats must apologize to USA: Ukrainian Foreign Minister Vadym Prystaiko said that 'United States Ambassador Gordon Sondland did NOT link financial military assistance to a request for Ukraine to open up an investigation into former V.P. Joe Biden & his son, Hunter Biden. Ambassador Sondland did not tell us, and certainly did not tell me, about a connection between the assistance and the investigation.'”

Trump did not say why he was taking the word of a foreign official over multiple sworn testimonies from members of his own administration.

Continue Reading

Breaking Banner

Pelosi is ‘marrying up the facts and the law’: Ex-prosecutor says ‘bribery’ is a critical indictment of Trump

Published

on

Speaker Nancy Pelosi was masterful in using the word "bribery" to describe President Donald Trump's actions with Ukraine that are at the heart of the impeachment inquiry, according to a former federal prosecutor.

MSNBC anchor Brian Williams interviewed former Assistant U.S. Attorney Berit Berger on Thursday evening's "The Last Word."

Please expand for us on why it is significant and why is it important to label this bribery," Williams said.

"So I think Nancy Pelosi was very specific in calling this bribery for two reasons," Berger replied.

"The first is that -- unlike quid pro quo -- ribery is something that most people understand, especially people who have children," she said, with a chuckle. "We all sort of have a general understanding of that."

Continue Reading
 

Breaking Banner

Giuliani henchmen showered Republican with cash — and Trump almost made him ambassador to Ukraine: report

Published

on

Yet another bombshell report has shed new light on President Donald Trump's suspicious Ukraine policies.

"At the same time that Rudy Giuliani and his now-indicted pals were pushing for President Donald Trump to remove Amb. Marie Yovanovitch from her post in Ukraine, Trump administration officials were eyeing potential contenders to take over her job. One of the people in the mix, according to three sources familiar with the discussions, was Rep. Pete Sessions, a former Congressman who called for Yovanovitch’s firing," The Daily Beast reported Thursday night. "He is also a longtime ally of the former New York Mayor, and is believed to have taken millions of dollars from Giuliani’s indicted cronies."

Continue Reading
 
 
Help Raw Story Uncover Injustice. Join Raw Story Investigates for $1 and go ad-free.
close-image